C-SMS-4.3.1. HIRA - Hazard Identification and Risk Assessment

SAFETY MANAGEMENT SYSTEM C/SMS/4.3.1.
REV: 02
HIRA – Hazard Identification and Risk Assessment DATE: 07/2010
Page 1 of 21
Purpose
The purpose of this document is to formalize a documented procedure explaining the
criteria and methodology to be applied in order to develop a Baseline Risk Register,
Hazard Identification and Risk Assessment (HIRA) which are legally compliant,
meets the minimum requirements of the OHSAS 18001:2007 Standard, Risk
Management principals and practice and the Health and Safety Industry minimum
requirements and guidelines.
Scope
This procedure deals with the training content to be provided to persons seeking
clarity and competency on the HIRA process and who are tasked with the
development of such a document. It also seeks to ensure that the legal and other
requirements are met and maintained in the compilation of such a HIRA.
Abbreviations
H&S – Health and Safety
OHSAS – Occupational Health and Safety Assessment Series
PPE – Personal Protective Equipment
OHSA – Occupational Health and Safety Act
MHSA – Mine Health and Safety Act
ALARP – As Low as Reasonably Practicable
HIRA: - Hazard Identification and Risk Assessment
Definitions
Skills Matrix – This is a matrix indicating the employee, his area of employ and the
training and qualifications needed to equip this person in order for him/her to perform
his/her duties safe and effectively.
Hazard – MHS Act - means a source of or exposure to danger
- OHS Act - means a source of or exposure to danger
- NADSAM Study materials
Compiled by: H. Mienie Verified by: I.Louw Authorised by: A.H. Henning
Position: SHEQ Manager Position: Operations Manager Position: Managing Director
Signature: Signature: Signature:

REV: 02
Page 2 of 21
- Safety Principles and Practice - means a source of or exposure to danger
- Risk Management – A hazard is a condition or activity that creates,

introduces or increases the frequency and/or the severity of a loss from a
given peril.
- OHSAS 18001:2007 – source, situation, or act with a potential for harm in
terms of human injury or ill health, or a combination of these.
Risk – MHS Act - means the likelihood that occupational injury or harm to persons
will occur
- OHS Act - means the probability that injury or damage will occur
- NADSAM Study materials
Safety Principles and Practice – Probability that injury/damage will
occur
Risk Management – Is the presence of uncertainty and is measured as
the variation from the expected outcome of a given situation
- OHSAS 18001:2007 – combination of the likelihood of an occurrence of a
hazardous event or exposure(s) and the severity of injury or ill health that
can be caused by the event or exposure
Pure Risk – NADSAM Study Material Risk Management 1 – A pure risk is a risk
which results only in loss or injury with no potential for gain or advantage.
- “refers to those risks that offer only the prospective of loss.”
Initial Risk Rating – Is the first/initial assessment of the criteria of a specific risk,
excluding any mitigation/controls
Residual Risk – That portion of the initial risk rating that is left after the effectiveness
of the mitigating factors or controls have been applied to it in order
to reduce it to an acceptable level.
Healthy – MHS Act - means free from illness or injury attributable to occupational
causes;
- OHS Act - means free from illness or injury attributable to occupational
causes;

REV: 02
Page 3 of 21
Ill Health - OHSAS 18001:2007 – identifiable, adverse physical or mental condition

arising from and/or made worse by a work activity and/or work-related situation
Danger – OHS Act - means anything which may cause injury or damage to persons
or property;
Peril – NADSAM Study materials – Risk Management 1 – Pg 4

A peril is an event that may cause a loss, e.g. a fire. In modern parlance, the term
“risk” sometimes replaces peril, but unless it is clear from the context exactly what is
meant, it is suggested that “risk” may be qualified by naming the peril concerned,
e.g. Fire Risk.
Reasonably Practicable:
– MHS Act - reasonably practicable means practicable having regard to -
(a) the severity and scope of the hazard or risk concerned;
(b) the state of knowledge reasonably available concerning that hazard or risk
and of any means of removing or mitigating that hazard or risk;
(c) the availability and suitability of means to remove or mitigate that hazard or
risk; and
(d) the costs and the benefits of removing or mitigating that hazard or risk;
- OHS Act - reasonably practicable means practicable having regard to-
(a) the severity and scope of the hazard or risk concerned;
(b) the state of knowledge reasonably available concerning that hazard or risk
and of any means of removing or mitigating that hazard or risk;
(c) the availability and suitability of means to remove or mitigate that hazard or
risk; and
(d) the cost of removing or mitigating that hazard or risk in relation to the benefits
deriving there from;

REV: 02
Page 4 of 21
Safe(ty) – MHS Act - means safety at mines

- OHS Act - means free from any hazard;
Hazard Identification - OHSAS 18001: 2007 – process of recognizing that a hazard

exists and defining its characteristics
- NADSAM Study materials – Risk Management 1 - “a
systematic process for establishing what can go wrong (cause) and what harm/loss
could be caused (consequence).” And “…any condition or act with the potential to
cause harm”.
- Safety Principles and Practice 1 – Chapter 12, Pg 142 & 143
“The first step in a comprehensive hazard control programme is to identify and
evaluate workplace hazards. These hazards are normally associated with
machinery, equipment, tools, operations, materials and physical plant.
- MHS Act – Although the act itself do not define hazard
identification and risk assessment this gap have been identified and has
been addressed by SIMRAC in their “Tripartite Working Group on Risk
Assessment – Practical Guide to the Risk Assessment process”.
“The first and most important stage in the risk assessment process is the
identification of hazards, in other words, the adoption of some systematic
way of allowing us to “see” the hazards present in the work place. If the
hazard identification is not carried out carefully, the subsequent analysis of
risks and the development of risk control measures become pointless.” page
6.
“The intension should be that, through the risk assessment process, all of the
organization and its activities are comprehensively reviewed and assessed.”
Page 6.
“Whichever method is adopted, the approach to hazard identification should
be holistic, that is, it should not concentrate on one type of hazards but
should be broadly based and should seek to identify all possible hazards to
those at work or who may be affected by the work activities.” Page 8.
Risk Assessment – OHSAS 18001:2007 – Process of evaluating the risk(s) arising

from a hazard(s), taking into account the adequacy of any existing controls,
and deciding whether or not the risk(s) is acceptable

REV: 02
Page 5 of 21
- NADSAM Study materials:

– Risk Management 1 – Chapter 4; Paragraph 4.1.3. “Knowing
or having identified a particular hazard has little meaning if it is not put in
perspective, i.e. knowing the risk that it poses. It would be good to know, for
example, that there are numerous hazards in the form of rotating shafts and gears
that are unprotected, as well as knowing what the risk is. In other words, what the
likelihood of somebody being injured and how serious would the consequences
(injuries) be? If we know this, we know what action to take – if any. For example,
suppose the rotating shaft is on a very small electric motor that can be easily
stopped by hand – the potential for injury and the severity of the injury are negligible,
although the hazard of a rotating shaft exists. On the other hand, existing controls
may or may not be adequate, i.e. existing control measures have already reduced
the level of risk to an acceptable level. Due to the fact that risk consists of both
likelihood and consequence, only once both have been established can risk be
determined.
Tolerable Risk - OHSAS 18002: 1999; Definitions: 3.17 “risk that has been reduced
to a level that can be endured by the organization having regard to its legal
obligations and its own OH&S policy”
- NADSAM Study material: Risk Management 1, Chapter 4, Pg 69 “When
considering risk tolerability, all risks fall into one of three categories in
terms of the “As Low As Reasonably Practicable (ALARP) point of view:
- Negligible – the level of risk is negligible and nothing further needs to be
done to mitigate the risk
- ALARP – something has to be done to reduce the risk to an acceptable
level
- Unacceptable – the risk is unacceptably high, regardless of the benefits
gained from taking the risk
Acceptable Risk: OHSAS 18001:2007; Definitions: 3.1 “risk that has been reduced to
a level that can be endured by the organization having regard to its legal obligations
and its own OH&S policy”
Risk Reduction: NADSAM Study material: Risk Management 1, Chapter5, Pg 77

“Risk Control – is the development, implementation, monitoring and upgrading of
appropriate levels of control measures for the control of identified and assessed pure

REV: 02
Page 6 of 21
risks, aimed at reducing the frequency and consequence of the adverse effects of
pure risk.” (Mitigation, Controls)
Can be described as that effect that the controls, mitigation has on the initial
assessment of the risk to reduce it to an acceptable level of risk, therefore it can be
described as the effectiveness of the controls, mitigation. Thus resulting in an initial
risk value and a residual risk value, the difference between the two being the
effectiveness of the various controls, mitigation, expressed as a percentage or
numeric value having a mitigating effect on the various components of risk.
ALARP – (As low as reasonably practicable) NADSAM Study Material – Risk

Management 1 Pg 69 & 70 Something has to be done to reduce the risk to
an acceptable level.
Frequency/Likelihood:
NADSAM Study materials – Risk Management 1, Chapter4, Paragraph 4.1.3 Risk
Analysis Pg 58:
Combination of exposure and probability. Exposure is the actual time period that the
resource at risk is exposed to the hazard. Probability is the chance of the loss,
damage or injury actually taking place during the exposure time. If the exposure or
probability increases, the frequency at which the event can take place also
increases.
OHSAS 18001:2007; Clause 4.3.1. “The organization’s methodology for hazard
identification and risk assessment shall:
a) be defined with respect to its scope, nature and timing to ensure it is
proactive rather than reactive; and”
(Scope – range of things that a subject, an organization, an activity deals with).
This can also be seen as defining the beginning and the end, or time of exposure
that the resource at risk is exposed to the risk)
Tripartite Working Group – Practical Guide to Risk Assessment:
Frequency (likelihood)
This is normally a compound of two separate factors. Firstly, EXPOSURE
which is an analysis of how often and for how long the employees involved are

REV: 02
Page 7 of 21
exposed to the hazard. Secondly, it includes an analysis of PROBABILITY. That is
the chance that a person will be harmed during the exposure period.
Severity:
NADSAM Study Material – Risk Management 1 = Consequence analysis (Chapter 4
pg 65): Determining the potential consequence if the event occurs. A consequence
analysis is always based on the worst case scenario.
Effects on people: When analyzing the effects on people, you first have to decide if
the analysis will consider:
- employees
- customers
- 3rd parties/the public
You should then consider the effect that it would have on people in terms of the
following:
- Immediate fatalities
- Fatalities while escaping
- Delayed fatalities
- Injury/ill health
Tripartite Working Group: Practical guide to Risk Assessment:

Consequence assessment
Here the degree of harm from the identified hazard is assessed in terms of the
potential severity of the injuries or ill health and/or the number of people
potentially affected.
Effectiveness of Controls/Mitigation: 3.22 risk assessment process of evaluating the

risk(s) (3.21) arising from a hazard(s), taking into account the adequacy of any
existing controls, and deciding whether or not the risk(s) is acceptable (BSI
OHSAS18001:2007 – 3 Terms and Definitions)

REV: 02
Page 8 of 21
Description/Methodology:
In this procedure we will try and explain the process to be followed to compile a
HIRA. We have derived this process from the understanding of the above
mentioned/listed sources/definitions.
The following shall be taken into consideration in the compilation of the Baseline
Risk Assessment of the organization:
a) routine and non-routine activities;
b) activities of all persons having access to the workplace (including contractors and
visitors);
c) human behaviour, capabilities and other human factors;
d) identified hazards originating outside the workplace capable of adversely affecting
the health and safety of persons under the control of the organization within the
workplace;
e) hazards created in the vicinity of the workplace by work-related activities under
the control of the organization;
f) infrastructure, equipment and materials at the workplace, whether provided by the
organization or others;
g) changes or proposed changes in the organization, its activities, or materials;
h) modifications to the OH&S management system, including temporary changes,
and their impacts on operations, processes, and activities;
i) any applicable legal obligations relating to risk assessment and implementation of
necessary controls ;
j) the design of work areas, processes, installations, machinery/equipment, operating
procedures and work organization, including their adaptation to human capabilities.
The organization’s methodology for hazard identification and risk assessment shall:
a) be defined with respect to its scope, nature and timing to ensure it is proactive
rather than reactive; and
b) provide for the identification, prioritization and documentation of risks, and the
application of controls, as appropriate.
For the management of change, the organization shall identify the OH&S hazards
and OH&S risks associated with changes in the organization, the OH&S
management system, or its activities, prior to the introduction of such changes. This
section of the requirement of the OHSAS 18001:2007 Standard have been catered
for within a procedure developed for the “Management of Change – C/SMS/4.3.1.5”.
The organization shall ensure that the results of these assessments are considered
when determining controls.
When determining controls, or considering changes to existing controls,
consideration shall be given to reducing the risks according to the following
hierarchy:

REV: 02
Page 9 of 21
a) elimination;
b) substitution;
c) engineering controls;
d) signage/warnings and/or administrative controls;
e) personal protective equipment.
This is done by the assessment teams as part of the risk assessment process when
new or additional controls are being considered.
All the above mentioned criteria have been catered for in the template excel
spreadsheet used for the compilation of the Baseline HIRA and Issue Based Risk
Assessments.
1. Scope of the HIRA:
Firstly we need to understand the scope in which this HIRA is to be applied and the
scope to which it needs to prescribe.
As many organisations consist of a combination of industrial and mining activities it is
recommended that an all incorporating approach to the development of a HIRA is
taken. By this we mean that the HIRA that we need to develop needs to meet the
requirements of the OSH Act, the Mine Health and Safety Act, requirements set by
the OHSAS 18001: 2007 management system and requirements set by the
academic institutions (UNISA – NADSAM) or Health and Safety industry.
To accomplish this we need to identify the sources we are going to use and apply,
and they will be the following:
The Occupational Health and Safety Act 85 of 1993
The Minerals Act 50 of 1991
The Mine Health and Safety Act 29 of 1996
SIMRAC Guidelines
The OHSAS 18001:1999 and the OHSAS18002
The OHSAS 18001:2007
National Diploma in Safety Management study materials: Risk Management 1 and
Safety Principals and Practice 1

REV: 02
Page 10 of 21
2. Intent of the Legislation:
As we have already explained the core of all the above sources in the definitions we
also need to understand what is required of us in doing a HIRA. We need to combine
all the information from these sources and make sense of it. To accomplish this we
need to interpret the pieces of legislation and to do this we need to be able to
understand the intentions of the act. Therefore the intention of the legislature must
be ascertained. In other words, the intention of parliament as “author” of the statute
must be found.
We think that assuming that the intention of the ‘legislature’ – parliament, was to
protect the health and safety of all employees at the work place by creating a
environment that is without risk to the health and safety of all employees by
enforcing a process of HIRA, is a safe interpretation of the acts. (MHSA 29 OF 1993
– Chapter 1 (a) to (h); OHSACT 85 of 1993 – Section 8 (a) to (j)
The whole intent of the MHSA and the OHSACT is however to move away from
being paternal and prescriptive to self regulatory. Meaning that the law does not
prescribe for each and every situation like the old Minerals Act used to, but the
employer needs to demonstrate that they acted reasonably practicable in their
actions and their process of HIRA must verify this.
This brings us to the reasonable man theory. Did the employer act like a reasonable
man by identifying all the sources of danger? And if the employer has identified all
the sources of danger, what did he/she do about them. Did his/her actions taken
toward reducing the level of risk to an acceptable level of risk demonstrate that it is in
line with that of a reasonable man? Therefore the ball is in the employers court to
prove that everything reasonably practicable have been done to prevent the
identified hazard or risk from manifesting. Neglecting to identify the hazards or risk
shall result in exactly that, negligence. Only 1% negligence is needed to prove
negligence, more than that may constitute gross negligence.
3. Practical Rules to follow:

REV: 02
Page 11 of 21
1. Team
To compile a HIRA a couple of simple rules need to be followed. Firstly a team of

people needs to be used, preferable a horizontal cross section of the employees,
giving special attention to ensure that the employee elected representatives are
included into these teams. (This is a legal as well as an OHSAS 18001 requirement.)
The team involved needs to be recorded on the HIRA Assessment Team Form for
record purposes and objective evidence that employee representative have indeed
been involved in the HIRA process for a certain process, task, activity. All the
information is entered into the HIRA Template.
2. Scope (Processes)
Secondly in order to be able to create an environment that is without risk to the

health and safety of an employee you need to be able to identify all the risks whether
significant or not. To accomplish this systematic approach needs to be followed.
Start at a point and end at another ensuring that all processes in-between have been
covered. The best practical way of doing this is using your process flow chart and to
start at the start and end at the end of your flow chart. Although we might have
smaller processes that make up bigger processes which ends as the organization it
is important to break it up as far as possible in order to be able to identify all activities
being performed by employees within a process area and within the organization.
Several smaller processes can be grouped into bigger processes; these bigger
processes can be called geographical areas, the smaller ones functional areas.
Specific disciplines, like engineering ext must also be catered for in these functional
areas as there might be activities performed by these disciplines that might be
overlooked if not catered for especially the non routine activities such as shut down
and rebuilds ext.
Equipment, materials and substances also needs to be listed as these sometime do

have inherent hazards and risks associated with them that might be overlooked. It is
good practice to make use of all the information available on these, such as product
manuals, MSDS ext. to compile the HIRA.
Keeping in mind that the support systems/processes like finance, administration,
stores, engineering, maintenance ext. also needs to be included in your HIRA. This
also includes outsourced activities, although the activity is outsourced to a
contractor, the contractor is still performing activities on behalf of the organization
and in terms of Health and Safety legislation the contracted employees is seen as
part of the organizations workforce.

REV: 02
Page 12 of 21
3. Training
Thirdly these team members are trained on how to do a HIRA. They need to be
equipped with the tools to be able to perform this to the best of their ability. It
therefore only makes sense that the level of training be of such a nature that even
the person at the lowest level of education in the organization must understand it and
be able to apply it. KISS – Keep It Simple Sam. The type of organization and their
literacy levels shall dictate the complexity of the criteria and methodology used.
4. List the Activities
Fourthly all activities must be listed. The reason why activities performed by
employees within a process area are used as the source of identifying the hazards
and risks is because it is a requirement by the standard, OHSAS 18001:2007. And
the only instance where an employee can be injured or be exposed to risk in the
process areas is where they perform an activity within that process area. Here we
also need to look at human behaviour, Absent Mindedness, Changes in Moods,
Horse playing is an activity. Although not an activity desired by the employer in the
process area, but it stays an activity and may result in an accident/incident and are
required by the standard to be catered for (OHSAS 18001:2007 4.3.1. (c).
Cognisance must be given to routine and non-routine activities – emphasis on

activity, not the hazard or the risk, the activity. Is the activity being performed
routinely or non-routinely?
5. List the Hazards associated with the activity
Fifthly, after listing all the identified activities within a process area we need to list
the associated hazards. What sources of danger is there associated with the activity
performed by the employee. Many instances employees work with chemicals like
arsenic, all other things are listed as hazards but the inherent hazard of arsenic is
ignored. Arsenic is a lethal poison; therefore one of the hazards will be “hazardous
chemical substance – poisonous”.
In many instances the hazards and the risks gets mixed up, or the hazards listed are
actually risks or the risks are actually hazards or no risks are identified at all. The act
and the standard requires of you to assess risks, not the hazards (Sources of
danger). It sounds simple but if you look at the definitions of the two and the
components out of which risk assessment consists, the understand is that it may not
be mixed up.
6. List the Risks associated with the Hazards

REV: 02
Page 13 of 21
After identifying the Hazard, the associated risks need to be identified and listed.
Many techniques exist to do this; the most effective technique is the SWIFT
(Systematic What If Technique). One hazard may have several risks, all of these
needs to be assessed individually as their representative components of risk may
differ resulting in differing risk ratings/significance. Because of this their
controls/mitigation shall differ and the effectiveness of the various controls/mitigation
shall differ resulting in different residual risk ratings.
Needless to say, with a Baseline HIRA worst case scenario must be taken when
considering the risks. It is not the team’s task to choose between death and serious
injury, the worst case scenario shall be used. The initial risk rating shall be calculated
excluding controls/mitigation. (This is called the RAW Risk Rating; this is not actually
the correct terminology as this is a financial term.) Therefore is shall be referred to as
the Initial Risk Rating.
All the controls and mitigation shall through their effectiveness mitigate this risk to an
acceptable level of risk. It is important to note that one activity may have several
hazards and one hazard may have several risks. All of these must be assessed
individually as their significance may vary as well as their controls may differ.
Health risks are those that may impact on the long term wellness of a person and are
usually associated with the internal wellness of a person e.g. Noise – Hearing Loss,
Vibration – Full Body Vibration, White Finger Disease, Dust – Silicosis, Asbestosis
ext.
Safety risks are more those that may have a more immediate impact on the persons
external wellbeing e.g. Sharp Edges – Lacerations, Moving Machinery –
Amputations, Fractures ext.
7. Assess the Risk

Then the risk then needs to be assessed. This is the process through which the
significance of a risk is expressed into a numeric value as determined by a matrix
where the various components of risk is allocated a numeric value in order of
importance/significance. The risk rating is therefore the product of the three
components of risk.
It is important to take note that risk consists out of three components. Severity –
seriousness of the incident. Likelihood is a product of Exposure and Probability.
One of the controls regularly applied in practice is removing an employee from the
source of danger or by erecting engineering controls such as mechanical guarding
between the source of danger and the person/employee. Leaving the component of
exposure out of the risk rating criteria eliminates these controls measures from being
used as mitigation to reduce the risk to an acceptable level of risk.
The product of these three components gives you the initial risk rating. Some risks
may be intolerable; some may be tolerable at this initial risk rating. It is important to

REV: 02
Page 14 of 21
note that the matrix must be designed in such a manner that the significance rating
of the various levels of risk is adequately reflected. This means that a low risk does
not end up rating more than a significant risk due to the other components of risk,
exposure and probability. A paper cut does not end up rating higher than a fatality
due to the high exposure and probability thereof.
The Risk Matrix, C/SMS/4.3.1R005, must be used to allocate values to the three
components of risk as to calculate the initial risk rating as well as the current and
residual risk ratings.
The columns in the template excel spreadsheet is preformatted to at the Severity
Rating indicate red as soon as a rating of 8 and above is allocated to this rating. This
is intended to make the person populating this information immediately aware of the
significance of this rating. The initial Risk Rating, Current Risk Rating and Residual
Risk Rating is pre programmed with a formula to multiply the Severity with the
Exposure with the Probability and give the result as soon as the three values have
been entered.
8. Current Controls must be listed

The current controls are then being considered. It is important to take note of the
hierarchy of risk reduction as required by the OHSAS 18001:2007 standard needs to
be applied when considering controls/mitigation or considering changes to existing
controls. Existing controls are therefore not required to be subjected to this. As with
everything else that is being done in the HIRA process, we need to be able to
demonstrate that this hierarchy have been considered in the consideration of
controls/mitigation or changes to existing controls/mitigation. What this means is that
there needs to be objective evidence that proves that the decision on a certain
control/mitigation included considering the hierarchy of risk reduction.
This is accomplished through the assessment team’s consideration of the hierarchy
when compiling the HIRA, as the HIRA format caters for the various elements of this
hierarchy and is considered by the team when entering the data into the format.
It is important to note it is impossible to demonstrate the effectiveness of
controls/mitigation when your initial risk rating is done including current controls. The
identified risk shall then not correspond with the severity rating allocated to it within
your criteria used to calculate the significance of the risk.
Each control/mitigation needs to be assessed individually as certain
controls/mitigation shall only affect certain components of the risk. PPE can mostly
only reduce the severity of a risk, unless it is specialised PPE specially designed for
certain functions.

REV: 02
Page 15 of 21
Engineering controls shall mostly have an influence on the exposure and probability
of the risk components.
Administrative controls may influence the exposure and probability components of

the risk, although the initial estimations needs to be kept low until adequate historical
data is collected as objective evidence that the administrative controls have a higher
effectiveness. The estimated effectiveness shall then be adjusted with reference to
the source or supporting evidence for this. These adjustments must be done yearly
when the HIRA is being reviewed.
Accident/Incidents are an indication that controls/mitigation have failed and may

indicated to lower effectiveness of controls/mitigation as initially estimated. Proper
accident/incident investigations need to collect this information, analyses of this need
to indicate to the root cause of the accident/incident and whether or not a
control/mitigation has failed. It therefore does not make sense to use
accident/incident statistics as criteria in the risk rating criteria but rather use it as an
indication as objective evidence supporting the effectiveness of listed
control/mitigation.
The following sources shall be considered when the estimated effectiveness of

controls/mitigation is reviewed:
Internal/External audit results and analyses of these

Accident/Incident investigations and analyses
Training results and analyses
Supervisor Inspection reports and analyses
Safety Officer Inspections and Reports and analyses
Legal compliance audit reports and analyses
Nonconformity reports and analyses
Checklist analyses
Planned Task Observations and analyses

REV: 02
Page 16 of 21
Hygiene assessments and analyses
Medical Surveillance reports and analyses
OHSAS 18001:2007 Clause 4.3.1. Pg 7

When determining controls, or considering changes to existing controls,
consideration shall be given to reducing the risks according to
the following hierarchy:
a) elimination;
b) substitution;
c) engineering controls;
d) signage/warnings and/or administrative controls;
e) personal protective equipment.
The organization shall document and keep the results of identification
of hazards, risk assessments and determined controls up-to-date.
9. Effectiveness of Controls
The columns “Estimated Effectiveness” in the template excel spreadsheet is set to

calculate the percentage risk reduction between the initial risk rating and the current
risk rating and the current risk rating and the residual risk rating. These columns is
set to indicate in what area the controls was the most effective by highlighting it
green = adequate; yellow = medium; red = low. This may be used as an indication
where areas of improvement may exist when additional controls are being
considered.
The history of accidents and incidents reflects on the effectiveness of our controls
and needs to play a role in the determination of the value allocated to the
effectiveness of the control. If an accident has happened while a certain mentioned
control is in place then it is obvious that one of these controls have failed and should
the value allocated to the effectiveness of this control be re-evaluated, thus
increasing your risk value each time you review the HIRA. Or the other way round, if
you have adequate proof of the effectiveness of one of your controls being higher

REV: 02
Page 17 of 21
than estimated then you need to adjust it accordingly, thus reducing the residual risk
value of a certain risk.
Obviously our initial allocation made to the effectiveness of a control is going to have
to be an estimation, only after we have collected adequate data and history can the
estimation be fine tuned based on the objective evidence collected. For example, if
training is one of our controls; our initial estimation on the effectiveness of this
control may be 50%. Only after we have collected adequate data from our training
department on the pass rate for a specific Safe Operating Procedure, and the level
of competency confirmed through PTO’s done by production supervisors on a
procedure and the results (Root Causes) of accident/incident investigations,
inspections, audit results can we fine tune the effectiveness of our controls to the
degree that our objective evidence support.
As with everything else in the HIRA and in terms of the OHSAS 18001:2007
Management Systems objective evidence of the effectiveness of controls must be
demonstrated, and again it must be practical and realistic and should make logical
sense. As with everything else we need to be able to prove how we came to your
residual risk rating.
If training is one of our controls, how did we measure the effectiveness thereof? The
same goes for supervision, mechanical guarding ect. Personal protective equipment
can never be 100% effective unless it is specifically designed for a specific purpose.
Further more Personal Protective equipment can only reduce certain of the
components of risk, like severity. PPE is only there to reduce the severity of an
accident/incident, it can never prevent an accident (probability) or the exposure
unless when it is specialized equipment designed for a certain function.
Therefore careful consideration must be given as to what the control measure is and
what its effect will be on which of the components of risk.
If our current controls does not reduce the risk to an acceptable level of risk then
additional controls or management plans needs to be develop in order to reduce the
risk to an acceptable level of risk.
The effectiveness of these additional controls also needs to be demonstrated.
Obviously again the initially effectiveness will only be estimated because only time
will tell whether or not they are really effective, again the historical data of
inspections, audits ext will help to fine-tune these estimations. All these shall be
documented as objective evidence as required by the OHSAS 18001:2007 Standard
in clause 4.3.1.
After determining the value of the effectiveness of the current and additional controls
these values are applied to the initial risk rating which results in the residual risk

REV: 02
Page 18 of 21
rating. This rating shall most probably be within the acceptable level of risk after you
have applied the current and additional controls.
Issue Based Risk Assessment/Continuous Base Risk Assessment and the

printing of the spread sheet:
The same HIRA Template is used as for the Baseline with the difference that the first
two tabs on the top must be closed and then can the document be printed as a form
to be used to conduct Issue Based Risk Assessments and Continuous Base Risk
Assessment.(The two minus signs ( - ) at the top of the spread sheet.
In order to print the Baseline HIRA for client usage purposes these two tabs ( - )
must be clicked, closed to make a (+), the third tab is left open (-) for the Current
controls to be viewed. The document can then be printed.
Issue Based Risk Assessments
Issue based risk assessments shall be conducted in the following instances:
 Specific Issues
 Incident and Accidents
 New Machinery
 New Plant Layout
 New Technology
 Significant Changes within the process
The issue based risk assessment is done on the same spreadsheet layout as for the
baseline risk assessment with the same matrix and significance ratings.
Continuous Risk Assessments

Continuous risk assessments are required to be conducted for all activities with
identified high risks as per the HIRA. Highly Routine activities may be subjected to a
weekly Continuous risk assessment provided that the Safety Officer and Site Agent
have agreed to this. The continuous risk assessments shall be conducted on the
same spreadsheet layout as for the baseline risk assessment using the same risk
matrix and significance ratings.
HIRA Spreadsheet:
The HIRA Spreadsheet is formatted as follow:

REV: 02
Page 19 of 21
The severity column shall automatically indicate any severity above and including a
rating of 8 in red; this is to assist in making the person more aware of the
significance of the rating.
Further is the initial risk rating and the current risk ratings formatted in such a way
that they will indicate whether the rating is a low, medium or high. Low = up to 299 =
Green. Medium = 300 to 599= Yellow. High = 600 plus = Red. The significance of a
risk is indicated on the Risk Significance table.
To print the spreadsheet for client and other purposes the following process needs to
be followed:
1. The first two tabs needs to be closed, indicating a + sign.
2. Select the area that is requires to be printed, on the toolbar select “Page
Layout”, “Page Setup”, “Print Area”, “Set Print Area”.
3. On the toolbar select the “Office Button”, place the cursor on print, a sub
menu will appear, select print preview.
4. On the Toolbar select “Page Setup”
5. Set the orientation to “Landscape”
6. Set the scaling to 55%
7. Set the paper size to A4
8. Close the print preview
9. To check if the selected area is indeed the area that will be printed reopen the
print preview and check what is it that will be printed.
10. Close print preview
11. Open the “Office Button” and select print.
The same procedure needs to be followed with the “HIRA CIVCON Blank Template”
that must be used for the “Issue Base Risk Assessments” and “Continuous Base
Risk Assessments”.

REV: 02
Page 20 of 21
Records
Record Record Record Responsible Record

Type Location Number Person Retention
Site H&S Skills

Matrix
Training Records
Training
Assessments
Contractor Audits
HIRA Team
Register
HIRA Input Form

HIRA Sheet
Risk Criteria/ Matrix
Mitigation Criteria
Matrix
External Reference
BS OHSAS 18 001:2007 First Published July 2007
Risk Management 1; Study Guide 1 of 1; Chapters 1 – 9; RMN111ZE; Edition4
Compiled by: Prof RW Vivian;
Revised by: L. Bennette & DC Haasbroek;
Edited by: HP Nicholas
Safety Principles and Practice 1; Study Guide1 (SPP101SE);
Compiled by: J De Beer, HJ Heyns
BOHSS Occupational Health and Safety Act and Regulations Act 85 of 1993;

REV: 02
Page 21 of 21
Revised Fourth Edition;
Compiled by: LexisNexis; Butterworth’s
Mine Health and Safety Act 29 of 1996;

Compiled by: Accident Prevention Consultants cc
Internal Reference
C/SMS/4.1 - Scope
C/SMS/4.2 - Policy
C/SMS/4.3.2 - Legal & Other Requirements
C/SMS/4.3.3 - Objectives and Programmes
C/SMS/4.4.1 - Resources, Roles, Responsibility, Accountability and Authority
C/SMS/4.4.2 - Competence, Training and Awareness
C/SMS/4.4.3.1 - Communication
C/SMS/4.4.3.2 - Participation and consultation
C/SMS/4.4.4 - Documentation
C/SMS/4.4.5 - Control of Documents
C/SMS/4.4.6 - Operational Control
C/SMS/4.4.7 - Emergency preparedness and response
C/SMS/4.5.1 - Performance measurement and Monitoring
C/SMS/4.5.2 - Evaluation of compliance
C/SMS/4.5.3.1 - Incident Investigation
C/SMS/4.5.3.2 - Nonconformity, Corrective action and Preventive action
C/SMS/4.5.4 - Control of Records
C/SMS/4.5.5 - Internal Audits
C/SMS/4.6 - Management Review

C-SMS-4.3.1. HIRA - Hazard Identification and Risk Assessment

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

C-SMS-4.3.1. HIRA - Hazard Identification and Risk Assessment

Uploaded by

Copyright:

Available Formats

SAFETY MANAGEMENT SYSTEM C/SMS/4.3.1.

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

- Risk Management – A hazard is a condition or activity that creates,

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

Ill Health - OHSAS 18001:2007 – identifiable, adverse physical or mental condition

Peril – NADSAM Study materials – Risk Management 1 – Pg 4

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

Safe(ty) – MHS Act - means safety at mines

Hazard Identification - OHSAS 18001: 2007 – process of recognizing that a hazard

Risk Assessment – OHSAS 18001:2007 – Process of evaluating the risk(s) arising

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

- NADSAM Study materials:

Risk Reduction: NADSAM Study material: Risk Management 1, Chapter5, Pg 77

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

ALARP – (As low as reasonably practicable) NADSAM Study Material – Risk

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

Tripartite Working Group: Practical guide to Risk Assessment:

Effectiveness of Controls/Mitigation: 3.22 risk assessment process of evaluating the

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

1. Scope of the HIRA:

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

2. Intent of the Legislation:

3. Practical Rules to follow:

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

To compile a HIRA a couple of simple rules need to be followed. Firstly a team of

Secondly in order to be able to create an environment that is without risk to the

Equipment, materials and substances also needs to be listed as these sometime do

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

4. List the Activities

Cognisance must be given to routine and non-routine activities – emphasis on

6. List the Risks associated with the Hazards

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

7. Assess the Risk

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

8. Current Controls must be listed

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

Administrative controls may influence the exposure and probability components of

Accident/Incidents are an indication that controls/mitigation have failed and may

The following sources shall be considered when the estimated effectiveness of

Internal/External audit results and analyses of these

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

OHSAS 18001:2007 Clause 4.3.1. Pg 7

The columns “Estimated Effectiveness” in the template excel spreadsheet is set to

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature:

Position: SHEQ Manager Position: Operations Manager Position: Managing Director

Signature: Signature: Signature: